"My Sign Requests", "My Canvases" and "My Signed Documents" folders need to be restricted
"My Sign Requests", "My Canvases" and "My Signed Documents" folders are created as private folders technically by Box, without any admin intervention. When using a closed folder structure, these folders can still be used by users to build their own folder structures, as they become the owner of this folder. This counteracts the idea of a closed folder system and represents a massive security gap. Users can then build folder structures and content in our box instance without any control by the admin and share them with external users.
These technically generated folders must therefore be restricted accordingly, or admins must have the option to impose usage restrictions for these private folders technically generated by Box. It must not be possible for these folders to be used and configured by users without admin control.
As a collection point for Box Sign processes or Canvases, this is fine, but to allow additional functionality that would otherwise not be possible in Box, represents a risk that can otherwise be controlled with a closed folder structure.